Detections
Analytics
HP ArcSight ESM < 6.5c SP1 P1 / 6.8c Multiple Vulnerabilities
critical Nessus Plugin ID 82848
Language:
Synopsis
A security management system installed on the remote host is affected by multiple vulnerabilities.Description
According to its self-reported version number, the version of HP ArcSight Enterprise Security Manager (ESM) installed on the remote host is prior to 6.5.1.1845.0 (6.5c SP1 P1) or 6.8.0.1896 (6.8c). It is, therefore, affected by multiple vulnerabilities :- A cross-site scripting (XSS) vulnerability exists due to a failure to validate input to tooltips before returning it to the user. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2014-7885)
- A cross-site request forgery (XSRF) vulnerability exists due to a failure to require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. A remote attacker can exploit this by convincing a user to follow a specially crafted link, allowing the attacker to make changes to rules or resources on the system.
Solution
Upgrade to HP ArcSight ESM 6.5.1.1845.0 (6.5c SP1 P1) / 6.8.0.1896 (6.8c) or later.See Also
Plugin Details
Severity: Critical
ID: 82848
File Name: arcsight_esm_68c.nasl
Version: 1.12
Type: local
Agent: unix
Family: Misc.
Published: 4/17/2015
Updated: 10/25/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2014-7885
Vulnerability Information
CPE: cpe:/a:hp:arcsight_enterprise_security_manager
Required KB Items: installed_sw/HP ArcSight Enterprise Security Manager
Exploit Ease: No known exploits are available
Patch Publication Date: 3/11/2015
Vulnerability Publication Date: 3/11/2015
Reference Information
CVE: CVE-2014-7885
BID: 73073
CERT: 868948
HP: HPSBGN03249, SSRT101697, emr_na-c04562193